Request failed with status code 502
Request failed with status code 502

Compliance Management

Learn how to do ISO 27001, PCI-DSS, NIST, SOC2 or any other compliance requirement with eramba

  • Episodes14
  • Duration1h 26m 28s
  • LanguagesEN
Episode 1

Introduction to the Compliance Module

Quick introduction to the module key capabilities

Compliance modules in eramba are used to explain to people how compliant your organisation is with any type of regulatory or contractual requirement.

The process starts by uploading free and open format (CSV based) compliance packages (PCI, ISO, NIST, SOC2, SOX, Etc).  These are provided by us or made by you. You link them with other modules in eramba such as Internal Controls, Policies, Exceptions, Risks, Projects, etc. in order to explain to people how you comply with them.

This allows you to record how your organisation decided to deal with each requirement, making it easy to demonstrate to auditors how you meet the requirements by simply viewing the related items. If the auditor needs more details a shortcut provides you direct access to the related items.

Since every module has a status of its own you can tell how they are performing (Risks have reviews, Policies have reviews, Controls have Audits, etc.). This is how you can tell, not just what solution you have for each compliance requirement, but also if those solutions are working or not. The state of each solution item is displayed in the status column.  Compliance requirement items inherit the status of their solutions making it pretty clear to know when something is ok or not.

This well proven approach uses different charts  to show how well your organisation is complying with any set of requirements and how that has changed over time. Collecting reviews, audits, etc. using eramba’s built in notifications will ensure you have evidence ready for your auditors to review.  It will also show when you do not have the evidence as well! You no longer need to review your compliance a month or two before the audit, the audits built in to eramba help ensure you are compliant throughout the year.

You can upload mappings in between compliance packages if you wish.  Where requirements are the same for different compliance packages and these have a mapping between them eramba will automatically link the treatment you have recorded to both compliance items.

 

Once you complete your audits any finding can be tracked down in eramba along with the teams responsible, deadlines and affected compliance requirements. As with any module in eramba you can use filters, reports and notifications to collect status from teams across your organisation and ensure you never miss a deadline.